Knowledgebase

OpenVPN for FreeBSD

You can connect to the proxy.sh OpenVPN tunnels on FreeBSD using the simple steps described below.

OpenVPN should be installed from the FreeBSD's ports system (see this link). Although a precompiled package is available on FreeBSD, it has not been build with the PW_SAVE option set. Without this option set, users are not able to save their credentials. This is especially important when OpenVPN should come up while the system starts up.

When saving passwords for OpenVPN, keep in mind that they are saved in plain text and that there is no hashing applied. This means that everybody having access to your machine, either physically or via the network, is able to read your user name and your password. We strongly advice to use at least an encrypted container to store your credentials. On FreeBSD, geli can be used for this purpose. In the FreeBSD handbook, there is a section about Encrypting Disk Partitions. Refer to subsection 19.16.2.

Change to the /usr/ports/security/openvpn directory and configure the OpenVPN package:

# cd /usr/ports/security/openvpn # make config

Check the PW_SAFE option to be able to save your credentials. Then continue with building and installing the OpenVPN package:

Before rebooting, verify that OpenVPN's start-up script works correctly.

# /usr/local/etc/rc.d/openvpn start

Invoke ifconfig and netstat like you did it before and verify that the connection got established as expected. Then stop OpenVPN.

# /usr/local/etc/rc.d/openvpn stop

If starting and stopping OpenVPN via the start-up script worked well, the VPN connection will be available every time your machine is started.

You're all set. Enjoy!

NB: If you encounter difficulties to connect with OpenVPN, please try to connect to other servers or try alternative ports, especially more "discreet" ones such as TCP 443 or TCP 80. Please also make sure that the port you are connecting through is fully opened in your firewall/router/network. Below, you will find an aggregate of useful guides and articles that will help you troubleshoot your problems, should you have any.

If you still cannot connect successfully, please open a support ticket and include either a copy of your logs or a screenshot of your configuration and encountered errors. Logs can usually be found in software menus or settings, as well as their directories of installation (.log or .txt files). If you do not include a log or a screenshot, it will be hard for us to help you resolve the issues you have with connecting to our network.